Suggestion for #46

add file value for var DANTE_LOGOUTPUT and TINYPROXYLOGOUTPUT
edgd1er · Jan 27, 2025 · 282aced · 282aced
1 parent 0d9ba80
commit 282aced
Show file tree

Hide file tree

Showing 6 changed files with 45 additions and 20 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -27,9 +27,10 @@ ENV OBFUSCATE=off
 ENV IPV6=off
 ENV DEBUG=0
 ENV TINYLOGLEVEL=error
+ENV TINYLOGOUTPUT=stdout
 ENV TINYPORT=8888
 ENV DANTE_LOGLEVEL=error
-ENV DANTE_ERRORLOG=/dev/null
+ENV DANTE_LOGOUTPUT=/dev/null
 ENV DANTE_DEBUG=0
 ENV GENERATE_WIREGUARD_CONF=false
 ENV TECHNOLOGY=nordlynx
@@ -77,6 +78,7 @@ RUN if [[ -n "${aptcacher}" ]]; then echo "Acquire::http::Proxy \"http://${aptca
 
 HEALTHCHECK --interval=5m --timeout=20s --start-period=1m CMD /app/healthcheck.sh
 WORKDIR /app
+VOLUME /var/log/
 
 # Start supervisord as init system
 CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisor/supervisord.conf"]
diff --git a/README.md b/README.md
@@ -138,9 +138,10 @@ services:
       #- TINYUSER: optional, enforces authentication over tinyproxy when set with TINYPASS.
       #- TINYPASS: optional, enforces authentication over tinyproxy when set with TINYUSER.
       #- TINYLOGLEVEL=error #Optional, default error: Critical (least verbose), Error, Warning, Notice, Connect (to log connections without info's noise), Info
+      - TINYLOGOUTPUT=file # Optional, stdout or file.
       #- TINYPORT=8888 #define tinyport inside the container, optional, 8888 by default,
       #- DANTE_LOGLEVEL="error" #Optional, error by default, available values: connect disconnect error data
-      - DANTE_ERRORLOG=/dev/stdout #Optional, /dev/null by default
+      - DANTE_LOGOUTPUT=file #Optional, stdout, null, file (/var/log/dante.log=
       #- DANTE_DEBUG=0 # Optional, 0-9
       #- GENERATE_WIREGUARD_CONF=true #write /etc/wireguard/wg0.conf if true
     secrets:

diff --git a/app/dante_config.sh b/app/dante_config.sh
@@ -6,16 +6,26 @@ source /app/utils.sh
 SOURCE_DANTE_CONF=/etc/danted.conf.tmpl
 DANTE_CONF=/etc/sockd.conf
 DANTE_DEBUG=${DANTE_DEBUG:-0}
-DANTE_LOGLEVEL=${DANTE_LOGLEVEL:-""}
-DANTE_ERRORLOG=${DANTE_ERRORLOG:-"Error"}
+DANTE_LOGLEVEL=${DANTE_LOGLEVEL:-"error"}
 INTERFACE=$(ifconfig | grep -oE "(nordtun|nordlynx)")
 DANTE_LOGLEVEL=${DANTE_LOGLEVEL//\"/}
-DANTE_ERRORLOG=${DANTE_ERRORLOG//\"/}
+DANTE_LOGOUTPUT=${DANTE_LOGOUTPUT//\"/}
 
-log "INFO: DANTE: INTERFACE: ${INTERFACE}, error log: ${DANTE_ERRORLOG}, log level: ${DANTE_LOGLEVEL}, dante debug: ${DANTE_DEBUG}"
+log "INFO: DANTE: INTERFACE: ${INTERFACE}, error log: ${DANTE_LOGOUTPUT}, log level: ${DANTE_LOGLEVEL}, dante debug: ${DANTE_DEBUG}"
 sed "s/INTERFACE/${INTERFACE}/" ${SOURCE_DANTE_CONF} >${DANTE_CONF}
-sed -i "s/DANTE_DEBUG/${DANTE_DEBUG}/" ${DANTE_CONF}
 sed -i "s/#clientmethod: none/clientmethod: none/" ${DANTE_CONF}
+sed -i "s/DANTE_DEBUG/${DANTE_DEBUG}/" ${DANTE_CONF}
+sed -i "s/log: error/log: ${DANTE_LOGLEVEL}/g" ${DANTE_CONF}
+
+#define logoutput
+if [[ "file" == ${DANTE_LOGOUTPUT} ]]; then
+  echo "Setting dante log to /var/log/dante.log"
+  sed -i -r "s%^#?logoutput: DANTE_LOGOUTPUT%logoutput: /var/log/dante.log%" ${DANTE_CONF}
+else
+  echo "Settting dante log to stdout"
+  sed -i -r "s%^#?logoutput: DANTE_LOGOUTPUT%logoutput: stdout%" ${DANTE_CONF}
+fi
+
 
 #basic Auth
 TCREDS_SECRET_FILE=/run/secrets/TINY_CREDS
@@ -80,6 +90,7 @@ socks pass {
 " >>${DANTE_CONF}
 
 [[ -n ${DANTE_LOGLEVEL} ]] && sed -i "s/log: error/log: ${DANTE_LOGLEVEL}/" ${DANTE_CONF}
-[[ -n ${DANTE_ERRORLOG} ]] && sed -i "s#errorlog: /dev/null#errorlog: ${DANTE_ERRORLOG}#" ${DANTE_CONF}
+#[[ -n ${DANTE_ERRORLOG} ]] && sed -i "s#errorlog: /dev/null#errorlog: ${DANTE_ERRORLOG}#" ${DANTE_CONF}
+
 log "INFO: DANTE: check configuration socks proxy"
 danted -Vf ${DANTE_CONF}
diff --git a/app/tinyproxy_config.sh b/app/tinyproxy_config.sh
@@ -10,6 +10,7 @@ TINYPORT=${TINYPORT:-8888}
 #Critical (least verbose), Error, Warning, Notice, Connect (to log connections without Info's noise), Info
 TINYLOGLEVEL=${TINYLOGLEVEL:-Error}
 TINYLOGLEVEL=${TINYLOGLEVEL//\"/}
+TINYLOGOUTPUT=${TINYLOGOUTPUT:-stdout}
 EXT_IP=$(getExtIp)
 INT_IP=$(getEthIp)
 INT_CIDR=$(getEthCidr)
@@ -20,6 +21,14 @@ sed "s/TINYPORT/${TINYPORT}/" ${SOURCE_CONF} >${CONF}
 sed -i "s/TINYLOGLEVEL/${TINYLOGLEVEL}/" ${CONF}
 sed -i -r "s/^#?Listen/Listen ${INT_IP}/" ${CONF}
 
+if [[ "file" == "${TINYLOGOUTPUT}" ]]; then
+  LOGDIR=/var/log/tinyproxy
+  [[ ! -d ${LOGDIR} ]] &&mkdir -p ${LOGDIR} || true
+  touch ${LOGDIR}/tinyproxy.log
+  chown tinyproxy:tinyproxy ${LOGDIR}/tinyproxy.log
+  sed -i -r "s%^#?LogFile.*%LogFile \"${LOGDIR}/tinyproxy.log\"%" ${CONF}
+fi
+
 sed -i "s!#Allow INT_CIDR!Allow ${INT_CIDR}!" ${CONF}
 #Allow only local network
 if [[ -n ${LOCAL_NETWORK:-''} ]]; then

diff --git a/docker-compose-dist.yml b/docker-compose-dist.yml
@@ -23,17 +23,19 @@ services:
         #- CYBER_SEC=off #CyberSec is a feature protecting you from ads, unsafe connections, and malicious sites
       - TECHNOLOGY=NordLynx #openvpn or nordlynx (default)
       - OBFUSCATE=off # or on, obfuscate only available when using openvpn(tcp or udp), hide use of vpn.
-        #- IPV6=off #optional, off by default, on/off available, off disable IPV6 in nordvpn app
-        #- NORDVPN_LOGIN=<email> #Not required if using secrets
-        #- NORDVPN_PASS=<pass> #Not required if using secrets
-        #- DEBUG=0 #(0/1) activate debug mode for scripts, dante, tinproxy
-        #- LOCAL_NETWORK=192.168.0.0/24 #LAN to route through proxies and vpn.
-        #- TINYUSER: optional, enforces authentication over tinyproxy when set with TINYPASS.
-        #- TINYPASS: optional, enforces authentication over tinyproxy when set with TINYUSER.
-        #- TINYLOGLEVEL=error #Optional, default error: Critical (least verbose), Error, Warning, Notice, Connect (to log connections without Info's noise), Info
-        #- TINYPORT=8888 #define tinyport inside the container, optional, 8888 by default,
-        #- DANTE_LOGLEVEL="error" #Optional, error by default, available values: connect disconnect error data
-      - DANTE_ERRORLOG=/dev/stdout #Optional, /dev/null by default
+      #- IPV6=off #optional, off by default, on/off available, off disable IPV6 in nordvpn app
+      #- NORDVPN_LOGIN=<email> #Not required if using secrets
+      #- NORDVPN_PASS=<pass> #Not required if using secrets
+      #- DEBUG=0 #(0/1) activate debug mode for scripts, dante, tinproxy
+      #- LOCAL_NETWORK=192.168.0.0/24 #LAN to route through proxies and vpn.
+      #- TINYUSER: optional, enforces authentication over tinyproxy when set with TINYPASS.
+      #- TINYPASS: optional, enforces authentication over tinyproxy when set with TINYUSER.
+      #- TINYLOGLEVEL=error #Optional, default error: Critical (least verbose), Error, Warning, Notice, Connect (to log connections without Info's noise), Info
+      #- TINYPORT=8888 #define tinyport inside the container, optional, 8888 by default,
+      - TINYLOGOUTPUT=stdout #stdout or file (=>/var/log/tinyproxy.log
+      #- DANTE_LOGLEVEL="error" #Optional, error by default, available values: connect disconnect error data
+      - DANTE_LOGOUTPUT=stdout #Optional, syslog[/facility], stdout
+
       #- DANTE_DEBUG=0 # Optional, 0-9
     secrets:
       - NORDVPN_CREDS

diff --git a/etc/danted.conf.tmpl b/etc/danted.conf.tmpl
@@ -1,7 +1,7 @@
 internal: eth0 port=1080
 internal: 127.0.0.1 port=1080
 external: INTERFACE
-logoutput: stdout
+logoutput: DANTE_LOGOUTPUT
 debug: DANTE_DEBUG
 
 socksmethod: none